Add rules to deny forced updates to refs which are not under

TROVE_ID/${user}/...

This reduces the chances of accidental force-pushes to branches
if you are using an old version of git or have misconfigured it.

Reviewed-By: Richard Maw <richard.maw@codethink.co.uk>

3 files changed, 8 insertions, 3 deletions

diff --git a/gitano-admin/rules/defines.lace b/gitano-admin/rules/defines.lace
index d24b858..ab49034 100644
--- a/gitano-admin/rules/defines.lace
+++ b/gitano-admin/rules/defines.lace
@@ -4,7 +4,7 @@
 #   | || | | (_) \ V /  __/
 #   |_||_|  \___/ \_/ \___|
 #
-# Copyright 2012 Codethink Limited
+# Copyright 2012,2013 Codethink Limited
 #
 # Core definitions for access control
 
@@ -82,6 +82,7 @@ define is_admin_ref ref refs/gitano/admin
 #
 
 define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/
+define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/
 define repo_is_local_project repository ~^##ESC_PREFIX##/[^/]+/
 
 define project_reader  group ${repository/2}-readers
diff --git a/gitano-admin/rules/other-project.lace b/gitano-admin/rules/other-project.lace
index ad88098..a42c06a 100644
--- a/gitano-admin/rules/other-project.lace
+++ b/gitano-admin/rules/other-project.lace
@@ -4,7 +4,7 @@
 #   | || | | (_) \ V /  __/
 #   |_||_|  \___/ \_/ \___|
 #
-# Copyright 2012 Codethink Limited
+# Copyright 2012,2013 Codethink Limited
 #
 # Rules for any repository not under ##PREFIX##
 
@@ -17,6 +17,9 @@ allow "Anyone may write here" op_write
 # Lorry can do anything reffy which is not inside the local refs
 allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref
 
+# Noone can rewind/rebase outside of their personal refs
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
+
 # Everyone else can do reffy things inside refs/heads/##PREFIX##
 allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
 
diff --git a/gitano-admin/rules/trove-project.lace b/gitano-admin/rules/trove-project.lace
index 5ba9e37..383ba98 100644
--- a/gitano-admin/rules/trove-project.lace
+++ b/gitano-admin/rules/trove-project.lace
@@ -4,7 +4,7 @@
 #   | || | | (_) \ V /  __/
 #   |_||_|  \___/ \_/ \___|
 #
-# Copyright 2012 Codethink Limited
+# Copyright 2012,2013 Codethink Limited
 #
 # Rules for ##PREFIX##/... repositories
 
@@ -17,6 +17,7 @@ allow "Project writers may write" op_write project_writer
 deny "This repository is not for you" op_write
 
 # Ref based rules for the repo
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !ref_is_personal
 
 ## Master
 allow "Master may be created" op_createref master_ref